What's the correct format of private_key when using it as an environment variable?
I am trying to use private_key for some GCP service nodejs client libraries, e.g. @google-cloud/pubsub, @google-cloud/trace-agent
I got private_key from service account credential json file like this:
I am trying to use it as an environment variable for cloud function.
.env.yaml:
And use it like this:
// ...
credentials: {
private_key: envs.private_key,
client_email: envs.client_email
},
projectId: envs.X_GOOGLE_GCLOUD_PROJECT
But got an error:
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
I check stackdriver logs, here is the private_key environment variable I got:
My guess is the format of private_key is not correct. It's probably caused by the newline symbol \n. So, what's the correct format when using private_key like this?
Setting the key in the .env.yaml file is not a good idea. Indeed, you will be able to commit it to git, maybe in a public repo, and you will set it in plain text as environment variable of your function.
It will be better if you set the file in a bucket, and load it in the runtime. BTW you will keep no secret in the project files.
Another solution is to encrypt with kms the key and decrypt it at runtime. This time you still have the secret in your project files, but encrypted.
But, what do you need another service account? This one on the function is not enough?
- GKE Fluent bit partial logs
- Apache Beam with Dataflow: flag 'ignore_unknown_columns' for WriteToBigQuery not working
- Google Speech to Text - Not Getting the transcription | SOLVED
- Why does Cloud Deploy not support multiple target types in one pipeline?
- CloudBuild pull status from latest run, from a specific build trigger using via CloudBuild API?
- Querying the Google Patent Data on Big Query processes way too much data
- Deleting a large folder from Google Cloud Storage
- Cannot create a service account with permissions for Google Play Android Developer API
- GCP - How do you create a URL Redirect path rule with gcloud url-maps?
- API [sqladmin.googleapis.com] not enabled on project [1234].
- Error uploading file to google cloud storage
- Custom Service Account with KFP pipelines in Vertex AI
- Not able to connect mysql with SSL enforced to app engine without connecting first in cloud shell
- If the GCP pub sub Subscription Expiration is same as Subscription Message Retention will the subscription not expire
- Cloud function is not triggered by pub/sub topic
- Java application unable to find ADC when Workload Identity is enabled on GKE cluster
- Service account with Workspace-authorized domain-wide delegation gets error "Not Authorized to access this resource/api" when running cloud function
- How to download a pushed Odoo release and upload to Github
- GCP authentication when testing a container in the local development environment
- VPCSC and Folder in GCP
- GAE: find project name by project number
- Google Cloud functions v2 eventarc - How to Track User Context for Deletions in Firebase Realtime Database
- Google Cloud Bigtable vs Google Cloud Datastore
- Batch job submission error "Failed to process all documents", uris seem correct?
- 401 Unauthorized when installing Python package from Artifacts registry for Google Build
- Google Cloud Storage request blocked by CORS: not allowed by Access-Control-Allow-Origin
- Accessing users account with service account
- Firestore exception occurred in retry method that was not classified as transient
- Managed Service Provider on Google Cloud Platform
- Stripe Error: No signatures found matching the expected signature for payload